
Changeset 11932



Timestamp:
10/03/08 21:45:54 (6 years ago)
Author:
fabien
Message:

[1.1] fixed XSS vulnerability in error messages if they embed the value submitted by the user


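--- a/branches/1.1/lib/validator/sfValidatorError.class.php
+++ b/branches/1.1/lib/validator/sfValidatorError.class.php
@@ -92,5 +92,10 @@
     foreach ($this->arguments as $key => $value)
     {
-      $arguments["%$key%"] = $value;
+      if (is_array($value))
+      {
+        continue;
+      }
+
+      $arguments["%$key%"] = htmlspecialchars($value, ENT_QUOTES, sfValidatorBase::getCharset());
     }
 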
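Review bot: The `is_array($value)` guard added at new line 94 skips array arguments silently, so such a value leaves its `%key%` placeholder unsubstituted in the formatted message instead of being escaped or rejected; if arrays are expected here, escaping each element (e.g. via `array_map`) or at least documenting the skip with `// arrays cannot be interpolated into the message; the placeholder is left as-is` would make the behaviour explicit. The escaping at new line 99 also commits the error object to an HTML output context: callers that render messages as plain text, JSON or log lines will now see `&lt;`/`&quot;` entities, and a view layer that escapes again will double-encode, so a comment above that line pointing such callers to the raw-arguments path (`getArguments(true)`, exercised in the test file) would help. If I recall the PHP builds of this era correctly, `htmlspecialchars()` also returns an empty string for input that is invalid in the configured charset, so a malformed submission would be rendered as `""` in the message — not an XSS concern, but worth noting in that comment. The enclosing method begins and ends outside this hunk.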
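--- a/branches/1.1/test/unit/validator/sfValidatorDateTest.php
+++ b/branches/1.1/test/unit/validator/sfValidatorDateTest.php
@@ -99,5 +99,5 @@
 {
   $t->pass('->clean() throws a sfValidatorError if the date does not match the regex');
-  $t->like($e->getMessage(), '/'.preg_quote($v->getOption('date_format'), '/').'/', '->clean() returns the expected date format in the error message');
+  $t->like($e->getMessage(), '/'.preg_quote(htmlspecialchars($v->getOption('date_format'), ENT_QUOTES, 'UTF-8'), '/').'/', '->clean() returns the expected date format in the error message');
   $t->is($e->getCode(), 'bad_format', '->clean() throws a sfValidatorError');
 }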
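Review bot: The expected value on new line 101 hard-codes `'UTF-8'` as the charset, while the code under test escapes with `sfValidatorBase::getCharset()`, so the assertion only holds as long as the suite's configured charset happens to be UTF-8 and would fail for an unrelated reason if that default changes; using `htmlspecialchars($v->getOption('date_format'), ENT_QUOTES, sfValidatorBase::getCharset())` keeps the expectation aligned with the implementation. The block that produces `$e` opens before this hunk.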
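--- a/branches/1.1/test/unit/validator/sfValidatorErrorTest.php
+++ b/branches/1.1/test/unit/validator/sfValidatorErrorTest.php
@@ -15,9 +15,9 @@
 $v = new sfValidatorString();
 
-$e = new sfValidatorError($v, 'max_length', array('value' => 'foo', 'max_length' => 1));
+$e = new sfValidatorError($v, 'max_length', array('value' => 'foo<br />', 'max_length' => 1));
 
 // ->getValue()
 $t->diag('->getValue()');
-$t->is($e->getValue(), 'foo', '->getValue() returns the value that has been validated with the validator');
+$t->is($e->getValue(), 'foo<br />', '->getValue() returns the value that has been validated with the validator');
 
 $e1 = new sfValidatorError($v, 'max_length', array('max_length' => 1));
@@ -30,6 +30,6 @@
 // ->getArguments()
 $t->diag('->getArguments()');
-$t->is($e->getArguments(), array('%value%' => 'foo', '%max_length%' => 1), '->getArguments() returns the arguments needed to format the error message');
-$t->is($e->getArguments(true), array('value' => 'foo', 'max_length' => 1), '->getArguments() takes a Boolean as its first argument to return the raw arguments');
+$t->is($e->getArguments(), array('%value%' => 'foo&lt;br /&gt;', '%max_length%' => 1), '->getArguments() returns the arguments needed to format the error message, escaped according to the current charset');
+$t->is($e->getArguments(true), array('value' => 'foo<br />', 'max_length' => 1), '->getArguments() takes a Boolean as its first argument to return the raw arguments');
 
 // ->getMessageFormat()
@@ -39,5 +39,5 @@
 // ->getMessage()
 $t->diag('->getMessage()');
-$t->is($e->getMessage(), '"foo" is too long (1 characters max).', '->getMessage() returns the error message string');
+$t->is($e->getMessage(), '"foo&lt;br /&gt;" is too long (1 characters max).', '->getMessage() returns the error message string');
 
 // ->getCode()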
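Review bot: The fixture value `'foo<br />'` on new line 17 exercises only `<` and `>`, not the quote characters that the `ENT_QUOTES` flag in the fix exists to neutralise, so a regression that dropped that flag (leaving `'` unescaped inside an HTML attribute) would still pass every assertion here; a value such as `'foo<br />"\''` with the expected `foo&lt;br /&gt;&quot;&#039;` in the getArguments() and getMessage() checks would pin the attribute-context escaping. On new line 32 the expectation `'%max_length%' => 1` is an integer while `htmlspecialchars()` returns the string `'1'`, so this passes only if lime's `is()` compares loosely — either change the expectation to `'1'` or note the intended loose comparison in a comment.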
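--- a/branches/1.1/test/unit/validator/sfValidatorTimeTest.php
+++ b/branches/1.1/test/unit/validator/sfValidatorTimeTest.php
@@ -100,5 +100,5 @@
 {
   $t->pass('->clean() throws a sfValidatorError if the time does not match the regex');
-  $t->like($e->getMessage(), '/'.preg_quote($v->getOption('time_format'), '/').'/', '->clean() returns the expected time format in the error message');
+  $t->like($e->getMessage(), '/'.preg_quote(htmlspecialchars($v->getOption('time_format'), ENT_QUOTES, 'UTF-8'), '/').'/', '->clean() returns the expected time format in the error message');
   $t->is($e->getCode(), 'bad_format', '->clean() throws a sfValidatorError');
 }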
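Review bot: On new line 102 the expected escaping is computed with a literal `'UTF-8'` charset, whereas sfValidatorError escapes with `sfValidatorBase::getCharset()`, so the test and the implementation can silently diverge when the configured charset is anything else; `htmlspecialchars($v->getOption('time_format'), ENT_QUOTES, sfValidatorBase::getCharset())` would exercise the same code path the fix relies on. The block that produces `$e` opens before this hunk.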